Insecure Key Transport in Xiaomi Smart Home Devices: Exploiting ZigBee Communication Vulnerability

Insecure Key Transport in Xiaomi Smart Home Devices: Exploiting ZigBee Communication Vulnerability

CVE-2019-15913 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.

Learn more about our Web Application Penetration Testing UK.